Cyborg Security has partnered with Splunk to provide contextual threat intelligence and “in-tool” Threat Hunt & Detection Packages via a Splunk App available on SplunkBase.
Cyborg Security is a pioneer in threat hunting and intelligence, empowering defenders and enabling organizations to transform their threat hunting capability. Cyborg Security’s portal provides contextualized use cases, Threat Hunt & Detection Packages, and a focused Threat Intelligence feed. The portal makes it easy to deploy tailored content: queries are mapped to your unique SIEM or Data Lake environment and are ready to run using Cyborg’s Automatic Mapping Process.
Cyborg Security is made up of advanced threat hunters, threat intelligence specialists, incident response and digital forensics analysts, and security engineers. Cyborg Security’s core goal is to provide advanced threat hunting use cases, content, and intelligence. Cyborg supplements the time-consuming and difficult tasks of creating, testing, vetting, and developing advanced use cases and threat hunting content while delivering feature-complete Threat Hunt and Detection Packages.
The current version of the Cyborg Security Splunk App gives customers the ability to configure and ingest Cyborg Security’s targeted, tailored, contextualized, and enriched threat feed as a lookup table. The threat feed concentrates on top commodity malware, the latest threats, and APT actors while maintaining a focus on ease of operationalizing the feed, allowing analysts to classify, rank, prioritize, and respond to threats faster. All of Cyborg Security’s indicators of compromise are vetted, validated, and contextualized using frameworks like MITRE ATT&CK, Kill Chain and the Diamond Model, and include a wealth of metadata such as region, industry, attack surface and detailed threat information. This level of contextualization provides organizations and analysts with the “to-the-point” information needed to respond effectively and efficiently. The Cyborg Security Threat Intelligence feed also includes a comprehensive decay model based on the indicator type, ensuring that the indicators of compromise are actionable and relevant.
In a future release, Cyborg Security will enable its Threat Hunt & Detection Packages to be automatically ingested and configured within the Cyborg Security Splunk App. This integration will extend the capabilities of Cyborg Security’s HUNTER Platform and simplify the threat hunting process by allowing the management of deployed content directly in the Splunk interface. Additional contextualized information, including detailed taxonomies, metadata and frameworks, will also be ingested into the Cyborg Security Splunk App, allowing analysts to stay in-app as they navigate the threat hunting processes.